GDPR Compliance

Our Commitment to GDPR Compliance

sleek-spark is committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations and outlines your rights.

Data Controller

sleek-spark is the data controller responsible for your personal data. Our contact details are:

sleek-spark
47 Clerkenwell Road
London EC1M 5RS
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so. The lawful bases we rely on include:

Consent

Where you have given us explicit consent to process your personal data for specific purposes, such as marketing communications. You can withdraw your consent at any time.

Contract Performance

Where processing is necessary to perform a contract with you (e.g., processing your course booking) or to take steps at your request before entering into a contract.

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This includes improving our services and communicating with you about your bookings.

Legal Obligation

Where processing is necessary to comply with a legal obligation, such as keeping records for tax purposes.

Your Rights Under GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a "subject access request". We will respond to your request within one month of receiving it.

Right to Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, including:

• When the data is no longer necessary for its original purpose
• When you withdraw consent (where consent was the basis for processing)
• When you object to processing and there are no overriding legitimate grounds
• When the data has been unlawfully processed

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests (or those of a third party) as our legal basis for processing. You also have the right to object to processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not currently engage in automated decision-making.

How to Exercise Your Rights

To exercise any of your rights, please contact us at:

• Email: [email protected]
• Post: sleek-spark, 47 Clerkenwell Road, London EC1M 5RS

We will respond to your request within one month. We may need to verify your identity before processing your request. If your request is complex or you have made numerous requests, we may extend the response period by a further two months, in which case we will inform you of this extension.

Data Security

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit using SSL/TLS
• Regular security assessments
• Access controls to limit data access to authorised personnel
• Staff training on data protection

International Transfers

We do not routinely transfer your personal data outside the United Kingdom. If we do need to transfer data internationally, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

Updates to This Information

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated revision date.

Last updated: January 2024